AWS Security ChangesHomeSearch

AWS AWSEC2 documentation change

Service: AWSEC2 · 2025-08-28 · Documentation low

File: AWSEC2/latest/UserGuide/ExamplePolicies_EC2.md

Summary

Removed example IAM policies for EC2 instance creation restrictions and IMDS modification controls

Security assessment

Removal of example security policies reduces documentation clarity but doesn't indicate a security vulnerability. The deleted policies were examples rather than addressing active issues.

Diff

diff --git a/AWSEC2/latest/UserGuide/ExamplePolicies_EC2.md b/AWSEC2/latest/UserGuide/ExamplePolicies_EC2.md
index 71642b0b0..057fdad80 100644
--- a//AWSEC2/latest/UserGuide/ExamplePolicies_EC2.md
+++ b//AWSEC2/latest/UserGuide/ExamplePolicies_EC2.md
@@ -759,40 +758,0 @@ Only allow specific tags for spot-instances-request. Surprise inconsistency numb
-JSON
-    
-
-****
-    
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Sid": "AllowRun",
-                "Effect": "Allow",
-                "Action": [
-                    "ec2:RunInstances"
-                ],
-                "Resource": [
-                    "arn:aws:ec2:us-east-1::image/*",
-                    "arn:aws:ec2:us-east-1:*:subnet/*",
-                    "arn:aws:ec2:us-east-1:*:network-interface/*",
-                    "arn:aws:ec2:us-east-1:*:security-group/*",
-                    "arn:aws:ec2:us-east-1:*:key-pair/*",
-                    "arn:aws:ec2:us-east-1:*:volume/*",
-                    "arn:aws:ec2:us-east-1:*:instance/*",
-                ]
-            },
-            {
-                "Effect": "Allow",
-                "Action": "ec2:RunInstances",
-                "Resource": "arn:aws:ec2:us-east-1:*:spot-instances-request/*",
-                "Condition": {
-                    "StringEquals": {
-                        "aws:RequestTag/environment": "production"
-                    }
-                }
-            }
-        ]
-    }
-    
-
@@ -1864,25 +1823,0 @@ The following policy permits only users with the role `ec2-imds-admins` to make
-JSON
-    
-
-****
-    
-    
-    
-    {
-        "Version": "2012-10-17",
-        "Statement": [
-                   {
-                "Sid": "AllowOnlyImdsAdminsToModifySettings",
-                "Effect": "Deny",
-                "Action": "ec2:ModifyInstanceMetadataOptions",
-                "Resource": "*",
-                "Condition": {
-                    "StringNotLike": {
-                        "aws:PrincipalARN": "arn:aws:iam::*:role/ec2-imds-admins"
-                    }
-                }
-            }
-        ]
-    }
-    
-